commit f5f73201ef869ee1c3573c48093cf6072180cfc3
author dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Wed Jul 01 18:39:20 2020 +0000
committer Akron <nils@diewald-online.de> Fri Jul 24 13:48:14 2020 +0200
tree b6acbd3e5037b38e2c2617a0cccd87e834c5584e
parent fa8b22840fa3f02754d70bc5d1ac6e26a8a5c555

Bump log4j-core from 2.10.0 to 2.13.2 - Closes #81

Bumps log4j-core from 2.10.0 to 2.13.2.

Change-Id: Ifacf26b63a6fffb6285dbe437c22a9c9fe397e51
Signed-off-by: dependabot[bot] <support@github.com>

Changes

diff --git a/Changes b/Changes
index 5407915..eb96cf5 100644
--- a/Changes
+++ b/Changes
@@ -1,8 +1,11 @@
-0.59.2 2020-06-18
+0.59.2 2020-07-24
     - [feature] Add fingerprint method to index (diewald)
     - [bugfix] Fix deserialization of spans with attributes (diewald)
     - [bugfix] Change order of attribute payloads in attribute queries
       (diewald)
+    - [bugfix] Security upgrade of Log4J for CVE-2020-9488
+      (dependabot, diewald)
+    
       Warning: This may break compatibility for attribute queries
                in indices not created using KorAP::XML::Krill.
 

pom.xml

diff --git a/pom.xml b/pom.xml
index 2f61a5a..b6d879d 100644
--- a/pom.xml
+++ b/pom.xml
@@ -90,22 +90,22 @@
 		<dependency>
 			<groupId>org.apache.logging.log4j</groupId>
 			<artifactId>log4j-api</artifactId>
-			<version>2.10.0</version>
+			<version>2.13.2</version>
 		</dependency>
     <dependency>
 			<groupId>org.apache.logging.log4j</groupId>
 			<artifactId>log4j-core</artifactId>
-			<version>2.10.0</version>
+			<version>2.13.2</version>
 		</dependency>
     <dependency>
       <groupId>org.apache.logging.log4j</groupId>
       <artifactId>log4j-slf4j-impl</artifactId>
-      <version>2.10.0</version>
+      <version>2.13.2</version>
     </dependency>
 		<dependency>
 			<groupId>org.slf4j</groupId>
 			<artifactId>jul-to-slf4j</artifactId>
-			<version>1.7.25</version>
+			<version>1.7.30</version>
 		</dependency>
 		
 		<dependency>